linux/drivers
Kaike Wan 2deeb47729 IB/sa: Fix netlink local service GFP crash
The rdma netlink local service registers a handler to handle RESOLVE
response and another handler to handle SET_TIMEOUT request. The first
thing these handlers do is to call netlink_capable() to check the
access right of the received skb to make sure that the sender has root
access. Under normal conditions, such responses and requests will be
directly forwarded to the handlers without going through the netlink_dump
pathway (see ibnl_rcv_msg() in drivers/infiniband/core/netlink.c).
However, a user application could send a RESOLVE request (not response)
to the local service, which will fall into the netlink_dump pathway,
where a new skb will be created without initializing the control block.
This new skb will be eventually forwarded to the local service RESOLVE
response handler. Unfortunately, netlink_capable() will cause general
protection fault if the skb's control block is not initialized. This
patch will address the problem by checking the skb first.

Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-01-21 11:59:19 -05:00
..
accessibility
acpi nfit: acpi_nfit_notify(): Do not leave device locked 2015-12-11 14:24:26 -08:00
amba
android
ata ata/sata_fsl.c: add ATA_FLAG_NO_LOG_PAGE to blacklist the controller for log page reads 2015-12-07 10:25:57 -05:00
atm
auxdisplay
base Merge branches 'powercap', 'pm-cpufreq' and 'pm-domains' 2015-12-14 22:58:57 +01:00
bcma
block xen: bug fixes for 4.4-rc5 2015-12-18 12:24:52 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
bus Merge branch 'x15-audio-fixes' into omap-for-v4.4/fixes 2015-11-12 09:58:21 -08:00
cdrom
char ipmi: move timer init to before irq is setup 2015-12-09 13:13:06 -06:00
clk ARM: SoC fixes for 4.4-rc 2015-12-12 16:43:44 -08:00
clocksource clocksource: Mmio: remove artificial 32bit limitation 2015-12-10 19:37:18 +01:00
connector mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
cpufreq Merge branches 'powercap', 'pm-cpufreq' and 'pm-domains' 2015-12-14 22:58:57 +01:00
cpuidle cpuidle: mvebu: disable the bind/unbind attributes and use builtin_platform_driver 2015-10-23 12:40:48 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-12-05 10:46:44 -08:00
dca
devfreq
dio
dma dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy() 2015-12-10 09:48:01 +05:30
dma-buf dma-buf/fence: add fence_wait_any_timeout function v2 2015-10-30 01:16:16 -04:00
edac asm-generic cleanups 2015-11-06 14:22:15 -08:00
eisa
extcon Merge branches 'ib-extcon-mfd-4.4', 'ib-mfd-i2c-v4.4', 'ib-mfd-power-4.4', 'ib-mfd-regmap-4.4' and 'ib-mfd-regulator-4.4' into ibs-for-mfd-merged 2015-10-26 14:48:22 +00:00
firewire IEEE 1394 subsystem patch: 2015-11-11 10:21:34 -08:00
firmware ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
fmc
fpga fpga manager: Fix firmware resource leak on error 2015-11-24 15:25:46 -08:00
gpio gpio: revert get() to non-errorprogating behaviour 2015-12-17 15:48:29 +01:00
gpu drm: Don't overwrite UNVERFIED mode status to OK 2015-12-15 11:00:10 +10:00
hid USB fixes for 4.4-rc5 2015-12-13 11:58:18 -08:00
hsi hsi: controllers:remove redundant code 2015-10-30 16:10:40 +01:00
hv drivers/hv: share Hyper-V SynIC constants with userspace 2015-11-04 16:24:33 +01:00
hwmon hwmon: (sht15) Select CONFIG_BITREVERSE 2015-12-18 08:19:52 -08:00
hwspinlock
hwtracing Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
i2c i2c: rcar: disable runtime PM correctly in slave mode 2015-12-19 12:00:37 +01:00
ide mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM 2015-11-06 17:50:42 -08:00
idle
iio iio: adc: spmi-vadc: add missing of_node_put 2015-11-21 18:24:44 +00:00
infiniband IB/sa: Fix netlink local service GFP crash 2016-01-21 11:59:19 -05:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-12-19 09:51:11 -08:00
iommu IOMMU Fixes for Linux v4.4-rc5 2015-12-18 12:38:35 -08:00
ipack
irqchip irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB 2015-12-01 22:50:16 +01:00
isdn ser_gigaset: remove unnecessary kfree() calls from release method 2015-12-15 13:24:21 -05:00
leds spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
lguest
lightnvm lightnvm: do not compile in debugging by default 2015-12-07 09:14:20 -07:00
macintosh
mailbox mailbox: mailbox-test: avoid reading iomem twice 2015-11-04 14:03:04 +05:30
mcb mcb: Destroy IDA on module unload 2015-10-29 09:02:16 +09:00
md Fix remove_and_add_spares removes drive added as spare in slot_store 2015-12-18 15:19:16 +11:00
media media fixes for v4.4-rc6 2015-12-18 15:41:35 -08:00
memory ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
memstick
message SCSI queue for 4.4. 2015-11-12 07:06:18 -05:00
mfd asm-generic cleanups 2015-11-06 14:22:15 -08:00
misc cxl: Set endianess of kernel contexts 2015-12-08 16:57:01 +11:00
mmc mmc: remove bondage between REQ_META and reliable write 2015-11-09 14:04:52 +01:00
mtd doc: dt: mtd: partitions: add compatible property to "partitions" node 2015-12-08 17:10:20 -08:00
net net/mlx4_core: Add support for RoCE v2 entropy 2016-01-19 15:35:00 -05:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
ntb NTB: fix 32-bit compiler warning 2015-11-08 16:24:43 -05:00
nubus
nvdimm libnvdimm, pmem: fix size trim in pmem_direct_access() 2015-11-12 09:55:23 -08:00
nvme lightnvm: replace req queue with nvmdev for lld 2015-12-07 09:14:19 -07:00
nvmem
of of/irq: Export of_irq_find_parent again 2015-12-09 09:08:36 -06:00
oprofile
parisc parisc iommu: fix panic due to trying to allocate too large region 2015-12-12 16:07:25 +01:00
parport
pci PCI updates for v4.4: 2015-12-09 09:26:06 -08:00
pcmcia
perf arm64 updates for 4.4: 2015-11-04 14:47:13 -08:00
phy phy: core: Get a refcount to phy in devm_of_phy_get_by_index() 2015-12-07 18:44:02 +05:30
pinctrl pinctrl: bcm2835: Fix initial value for direction_output 2015-12-14 11:31:20 +01:00
platform platform/chrome: Branch for v4.4 2015-11-13 21:53:18 -08:00
pnp
power - New Device Support 2015-11-06 10:23:50 -08:00
powercap powercap / RAPL: fix BIOS lock check 2015-12-12 02:31:11 +01:00
pps
ps3
ptp
pwm pwm: Changes for v4.4-rc1 2015-11-11 09:16:10 -08:00
rapidio
ras
regulator spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
remoteproc remoteproc: fix memory leak of remoteproc ida cache layers 2015-11-26 17:44:28 +02:00
reset
rpmsg
rtc rtc: da9063: fix access ordering error during RTC interrupt at system power on 2015-12-20 13:39:29 +01:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2015-11-18 08:59:29 -08:00
sbus
scsi Merge branches '4.5/Or-cleanup' and '4.5/rdma-cq' into k.o/for-4.5 2015-12-22 17:03:15 -05:00
sfi
sh drivers: sh: Get rid of CONFIG_ARCH_SHMOBILE_MULTI 2015-11-17 02:12:46 +09:00
sn
soc Few Keystone fixes for 4.4-rcx 2015-11-25 23:48:12 +01:00
spi Merge remote-tracking branches 'spi/fix/dspi' and 'spi/fix/spidev' into spi-linus 2015-12-16 13:28:32 +00:00
spmi char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
ssb ssb: add Kconfig entry for compiling SoC related code 2015-10-28 21:05:21 +02:00
staging IB: remove the write-only usecnt field from struct ib_mr 2015-12-23 14:29:06 -05:00
target target/stat: print full t10_wwn.model buffer 2015-11-28 21:23:13 -08:00
tc
thermal imx: thermal: use CPU temperature grade info for thresholds 2015-11-23 16:38:40 -08:00
thunderbolt
tty tty: Fix GPF in flush_to_ldisc() 2015-12-12 23:05:28 -08:00
uio
usb USB: fix invalid memory access in hub_activate() 2015-12-18 09:30:34 -08:00
uwb driver core update for 4.4-rc1 2015-11-04 21:50:37 -08:00
vfio Revert: "vfio: Include No-IOMMU mode" 2015-12-04 08:38:42 -07:00
vhost vhost: replace % with & on data path 2015-12-07 17:28:10 +02:00
video OMAPDSS: fix timings for VENC to match what omapdrm expects 2015-12-09 12:57:13 +02:00
virt
virtio virtio_ring: shadow available ring flags & index 2015-12-07 17:28:11 +02:00
vlynq
vme char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
w1 power supply and reset changes for the v4.4 series 2015-11-05 12:28:15 -08:00
watchdog watchdog: mtk_wdt: Use MODE_KEY when stopping the watchdog 2015-11-23 09:00:09 +01:00
xen xen: bug fixes for 4.4-rc5 2015-12-18 12:24:52 -08:00
zorro
Kconfig char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
Makefile null_blk: register as a LightNVM device 2015-11-16 15:22:28 -07:00